[Zope-dev] New security model and products breaking zope management

Bill Anderson bill@libc.org
Mon, 26 Jun 2000 15:20:40 -0600


"R. David Murray" wrote:
> 
> OK, I've stared at this for a couple days and have not made any progress.
> Perhaps others will have some insights.
> 
> Zope 2.2.0b2, clean install.  Works fine.  Add EMarket.  Now the
> management is broken.  Accessing the base URL of the site with
> /manage_main appended gives you the file list view of the root
> folder, with no prompt for authentication.  Accessing /manage
> prompts for a login, but the right panel view is the import/export
> screen and not the folder list.  There's other weird stuff, like
> a key error on "a_", which appears to be a temporary variable used
> in one of the DTML management pages.
> 
> I've read Brian's 2.2 product security update, and it looks to me like
> EMarket is Doing the Right Thing (though I haven't checked completely for
> unprotected methods yet), which makes sense since it was a working
> product <grin>.
> 
> I have a private report that eTailor also has this problem, but haven't
> tested it myself.

If I am not the source of that report, chalk up another one for the
tally.